rpm/nginx
SHA256
1
0
Fork 0
forked from pool/nginx
Code Pull Requests Activity

Accepting request 356414 from home:MargueriteSu:branches:server:http

Browse Source 
security release

OBS-URL: https://build.opensuse.org/request/show/356414
OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=57
This commit is contained in:
Marguerite Su
2016-01-28 02:13:05 +00:00
committed by Git OBS Bridge
parent cef2be01b1
commit 37d0b5a7dc
4 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
nginx.changes
View File

@@ -1,3 +1,41 @@
-------------------------------------------------------------------
Thu Jan 28 01:36:01 UTC 2016 - i@marguerite.su
- update version 1.8.1 stable
* Security: invalid pointer dereference might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause segmentation fault in a worker process (CVE-2016-0742).
 * Security: use-after-free condition might occur during CNAME response
processing if the "resolver" directive was used, allowing an attacker
who is able to trigger name resolution to cause segmentation fault in
a worker process, or might have potential other impact
(CVE-2016-0746).
 * Security: CNAME resolution was insufficiently limited if the
"resolver" directive was used, allowing an attacker who is able to
trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
 * Bugfix: the "proxy_protocol" parameter of the "listen" directive did
not work if not specified in the first "listen" directive for a
listen socket.
* Bugfix: nginx might fail to start on some old Linux variants; the bug
had appeared in 1.7.11.
* Bugfix: a segmentation fault might occur in a worker process if the
"try_files" and "alias" directives were used inside a location given
by a regular expression; the bug had appeared in 1.7.1.
* Bugfix: the "try_files" directive inside a nested location given by a
regular expression worked incorrectly if the "alias" directive was
used in the outer location.
* Bugfix: "header already sent" alerts might appear in logs when using
cache; the bug had appeared in 1.7.5.
* Bugfix: a segmentation fault might occur in a worker process if
different ssl_session_cache settings were used in different virtual
servers.
* Bugfix: the "expires" directive might not work when using variables.
* Bugfix: if nginx was built with the ngx_http_spdy_module it was
possible to use the SPDY protocol even if the "spdy" parameter of the
"listen" directive was not specified.
-------------------------------------------------------------------
Fri Oct 16 15:17:30 UTC 2015 - mrueckert@suse.de